CA SiteMinder® Federation Standalone Installation and Upgrade Guide › Troubleshooting CA SiteMinder® Federation Standalone › Installation Troubleshooting › Migrate a CA SiteMinder® Key Database Manually

Migrate a CA SiteMinder® Key Database Manually

Symptom:

I want to migrate smkeydatabase certificate data to the certificate data store manually.

Solution:

Use the smkeydatabase migration utility (smmigratecds).

Follow these steps:

1. Be sure that all smkeydatabase instances are synchronized.
2. Log in to the federation host system on which the smkeydatabase is collocated.
3. Do one of the following steps to verify that the certificate data store is configured correctly:
   • (Windows) Open a command prompt and run the following command:

     smmigratecds.bat -validateInstall
     

     -validateInstall

     Verifies that the certificate data store is installed correctly.

   • (UNIX) Open a shell and run the following command:

     smmigratecds.sh -validateInstall
     

4. Compare the contents of the smkeydatabase to the certificate data store. Comparing the contents identifies data inconsistencies that can prevent a successful migration.

   Follow the step for your operating platform:

   • (Windows) Run the following command:

     smmigratecds.bat -validate -log log_file
     

     -validate

     Compares the contents of the smkeydatabase to the certificate data store.

     -log

     Sends the validation results to a log.

     log_file

     Specifies the name of the log file and the location to which the utility sends it.

     Example: -log "C:\FederationStandalone\logs"

   • (UNIX) Run the following command:

     smmigratecds.sh -validate -log log_file
     

5. (Optional) If data inconsistencies exist, use the log file to identify the problem.
6. Do one of the following steps to begin the migration:
   • (Windows) Run the following command:

     smmigratecds.bat -migrate -log log_file -p unencrypted_password
     

   • (UNIX) Run the following command:

     smmigratecds.sh -migrate -log log_file -p unencrypted_password
     

   The command arguments indicate the following action:

   -migrate

   Migrates the smkeydatabase to the certificate data store.

   -log

   Sends the migration results to a log.

   log_file

   Specifies the name of the log file and the location to which the utility sends it.

   Examples:

   -log "C:\Progam Files\Sample\Logs"

   -log export/fed/Sample/Logs"

   -p

   (Optional). Specifies the unencrypted value of the smkeydatabase password. Use this argument to avoid any problems if a system cannot decrypt the password stored in smkeydatabase.properties file.

   unencrypted_password

   Specifies the unencrypted password for the smkeydatabase.

7. (Optional) If the migration fails, use the log file to identify the cause.